Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?
2020-02-27 00:29

An eavesdropper doesn't have to be logged into the target device's wireless network to exploit KrØØk. If successful, the miscreant can take repeated snapshots of the device's wireless traffic as if it were on an open and insecure Wi-Fi. These snapshots may contain things like URLs of requested websites, personal information in transit, and so on.

When these disassociation packets are received, vulnerable Wi-Fi controllers - made by Broadcom and Cypress, and used in countless computers and gadgets - will overwrite the shared encryption key with the value zero.

"KrØØk affects devices with Wi-Fi chips by Broadcom and Cypress that haven't yet been patched," ESET said.

"These are the most common Wi-Fi chips used in contemporary Wi-Fi capable devices such as smartphones, tablets, laptops, and IoT gadgets."

In the meantime, encrypt as much network traffic as possible, especially over Wi-Fi, using HTTPS, SSH, VPNs, and so on, so that if your network-level encryption is smashed, you're still protected from snoopers at the application layer or thereabouts.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/27/wifi_chip_bug_eset/
